Terraform consumer mapping bucket

Karthikeyannhs · Karthikeyannhs · commit 5fff049315df · 2026-01-13T14:32:03.000Z
diff --git a/infrastructure/modules/lambda/lambda.tf b/infrastructure/modules/lambda/lambda.tf
@@ -17,14 +17,15 @@ resource "aws_lambda_function" "eligibility_signposting_lambda" {
 
   environment {
     variables = {
-      PERSON_TABLE_NAME          = var.eligibility_status_table_name,
-      RULES_BUCKET_NAME          = var.eligibility_rules_bucket_name,
-      KINESIS_AUDIT_STREAM_TO_S3 = var.kinesis_audit_stream_to_s3_name
-      ENV                        = var.environment
-      LOG_LEVEL                  = var.log_level
-      ENABLE_XRAY_PATCHING       = var.enable_xray_patching
-      API_DOMAIN_NAME            = var.api_domain_name
-      HASHING_SECRET_NAME        = var.hashing_secret_name
+      PERSON_TABLE_NAME            = var.eligibility_status_table_name,
+      RULES_BUCKET_NAME            = var.eligibility_rules_bucket_name,
+      CONSUMER_MAPPING_BUCKET_NAME = var.eligibility_consumer_mappings_bucket_name,
+      KINESIS_AUDIT_STREAM_TO_S3   = var.kinesis_audit_stream_to_s3_name
+      ENV                          = var.environment
+      LOG_LEVEL                    = var.log_level
+      ENABLE_XRAY_PATCHING         = var.enable_xray_patching
+      API_DOMAIN_NAME              = var.api_domain_name
+      HASHING_SECRET_NAME          = var.hashing_secret_name
     }
   }
 
diff --git a/infrastructure/modules/lambda/variables.tf b/infrastructure/modules/lambda/variables.tf
@@ -44,6 +44,11 @@ variable "eligibility_rules_bucket_name" {
   type        = string
 }
 
+variable "eligibility_consumer_mappings_bucket_name" {
+  description = "consumer mappings bucket name"
+  type        = string
+}
+
 variable "eligibility_status_table_name" {
   description = "eligibility datastore table name"
   type        = string
diff --git a/infrastructure/stacks/api-layer/lambda.tf b/infrastructure/stacks/api-layer/lambda.tf
@@ -11,27 +11,28 @@ data "aws_subnet" "private_subnets" {
 }
 
 module "eligibility_signposting_lambda_function" {
-  source                            = "../../modules/lambda"
-  eligibility_lambda_role_arn       = aws_iam_role.eligibility_lambda_role.arn
-  eligibility_lambda_role_name      = aws_iam_role.eligibility_lambda_role.name
-  workspace                         = local.workspace
-  environment                       = var.environment
-  runtime                           = "python3.13"
-  lambda_func_name                  = "${terraform.workspace == "default" ? "" : "${terraform.workspace}-"}eligibility_signposting_api"
+  source                                    = "../../modules/lambda"
+  eligibility_lambda_role_arn               = aws_iam_role.eligibility_lambda_role.arn
+  eligibility_lambda_role_name              = aws_iam_role.eligibility_lambda_role.name
+  workspace                                 = local.workspace
+  environment                               = var.environment
+  runtime                                   = "python3.13"
+  lambda_func_name                          = "${terraform.workspace == "default" ? "" : "${terraform.workspace}-"}eligibility_signposting_api"
   security_group_ids = [data.aws_security_group.main_sg.id]
-  vpc_intra_subnets                 = [for v in data.aws_subnet.private_subnets : v.id]
-  file_name                         = "../../../dist/lambda.zip"
-  handler                           = "eligibility_signposting_api.app.lambda_handler"
-  eligibility_rules_bucket_name     = module.s3_rules_bucket.storage_bucket_name
-  eligibility_status_table_name     = module.eligibility_status_table.table_name
-  kinesis_audit_stream_to_s3_name   = module.eligibility_audit_firehose_delivery_stream.firehose_stream_name
-  hashing_secret_name               = module.secrets_manager.aws_hashing_secret_name
-  lambda_insights_extension_version = 38
-  log_level                         = "INFO"
-  enable_xray_patching              = "true"
-  stack_name                        = local.stack_name
-  provisioned_concurrency_count     = 5
-  api_domain_name                   = local.api_domain_name
+  vpc_intra_subnets                         = [for v in data.aws_subnet.private_subnets : v.id]
+  file_name                                 = "../../../dist/lambda.zip"
+  handler                                   = "eligibility_signposting_api.app.lambda_handler"
+  eligibility_rules_bucket_name             = module.s3_rules_bucket.storage_bucket_name
+  eligibility_consumer_mappings_bucket_name = module.s3_consumer_mappings_bucket.storage_bucket_name
+  eligibility_status_table_name             = module.eligibility_status_table.table_name
+  kinesis_audit_stream_to_s3_name           = module.eligibility_audit_firehose_delivery_stream.firehose_stream_name
+  hashing_secret_name                       = module.secrets_manager.aws_hashing_secret_name
+  lambda_insights_extension_version         = 38
+  log_level                                 = "INFO"
+  enable_xray_patching                      = "true"
+  stack_name                                = local.stack_name
+  provisioned_concurrency_count             = 5
+  api_domain_name                           = local.api_domain_name
 }
 
 # -----------------------------------------------------------------------------
diff --git a/infrastructure/stacks/api-layer/s3_buckets.tf b/infrastructure/stacks/api-layer/s3_buckets.tf
@@ -7,6 +7,15 @@ module "s3_rules_bucket" {
   workspace    = terraform.workspace
 }
 
+module "s3_consumer_mappings_bucket" {
+  source       = "../../modules/s3"
+  bucket_name  = "eli-consumer-mappings"
+  environment  = var.environment
+  project_name = var.project_name
+  stack_name   = local.stack_name
+  workspace    = terraform.workspace
+}
+
 module "s3_audit_bucket" {
   source                 = "../../modules/s3"
   bucket_name            = "eli-audit"
